I understand the issue. Now ip-ranges.json is returning more than 50 ranges with CLOUDFRONT value. On the other hand some of them has GLOBAL region value while some of them are bound to specific regions. It was not like before and there is no documentation regarding this situation. I wonder what regional Cloudfront IP range means.
Maybe you can workaround the problem with modifying the script and creating two security groups. (On with 50 rules and second with remaining ones) Then you can add these two groups into ELB.